Busy entrepreneurs often don’t have the time nor skillset to act as their own IT manager, nor the financial resources to hire someone in-house. And yet, they have valuable customer data to protect and too many cloud apps to manage on their own.
If that sounds like you, odds are you want to engage a managed service provider (MSP) to identify your needs and provide and manage your IT systems on an ongoing basis.
“[The IT service provider] is a critical role that touches nearly every aspect of your organization, from business development to finance, marketing to operations,” says David Carlson, VP of managed services at Sirius, one of the largest IT resellers in the world. So, “you’ll want to make sure that you’re getting the right provider for your business and that you know how to measure their effectiveness throughout the relationship.”
Below, you’ll hear from three businesses that went through the process of evaluating and selecting an MSP in the past year. Their lessons learned are fresh in their minds and offer guidance to entrepreneurs searching for the right IT partner.
Andy Mark, CFO at QV Investors
QV Investors is an independent, Canadian investment manager providing security selection, portfolio management and client communication.
Judy Hubbard, COO at Ronald McDonald House Charities of Northeast Ohio
Ronald McDonald House Charities of Northeast Ohio enhances the healthcare experience for families and children through comfort, care and supportive services.
Peter Chen, CFO at Volk Optical
Volk Optical is the leading brand manufacturer of ophthalmic lenses, diagnostic imaging and surgical products for the ophthalmic industry.
As CFO of QV Investors, Andy Mark is responsible for the financial, administrative and compliance functions of his investment management firm and helps manage day-to-day operations as part of QV’s Management Committee. When vetting potential MSPs, goals were a primary focus for his team.
“We want our partners to understand our goals as an organization and help us reach those goals,” Mark says. “Likewise, we want to know the goals of our partners so we can understand our part in helping them reach those goals.”
In those early conversations, QV explained how the prospective MSP’s work would fit into the firm’s goals, Mark says. In exchange, the MSP noted metrics that are important to them (for example, response time) and identified behaviors QV could tweak to help the team provide better service and meet its KPIs. The result has been better solutions for QV, Mark said.
“Ultimately, we are partnering with our MSP, and our successes are related,” he added.
The specifics of this goal-matching vary by company, of course. For instance, a digital marketing firm with a goal to develop a proprietary CRM would complement an MSP that wants to develop its own IP. An MSP aiming to double the number of users it supports would do well to partner with businesses with similar aspirations so that per customer revenue grows organically. And MSPs are increasingly developing vertical expertise, so they often look to partner with businesses in a specific sector.
Judy Hubbard, COO at Ronald McDonald House Charities of Northeast Ohio, stepped into her role in September 2020 and was immediately tasked with facilitating the merging of two chapters of the organization. Hiring IT in-house wasn’t an option, so she sought an MSP — a proactive one.
“We were looking for a true partner, not a transactional MSP,” Hubbard said. “We didn’t want a provider that just responded to help desk questions.”
If two systems that needed to integrate stopped “talking to one another,” for example, Hubbard didn’t want to submit a help desk ticket, then sit and wait 48 hours for an email response. She wanted to know that her MSP had a track record of first call resolution backed by an established, smooth workflow with proactive monitoring and designated folks to call for prompt support at each step.
Mark, meanwhile, was concerned that his future MSP’s processes wouldn’t fit with his own. With only one support employee, his resources were already stretched thin. To Mark, it was critical that his potential IT partner had similar communications preferences and workflows to QV’s, so the duo could resolve issues quickly. For example, if QV is planning a critical system upgrade, it will be organizing with the vendor, internal and external software developers, its MSP (regarding hardware) and other stakeholders like internal staff. Having an understanding of the processes for each of those groups helps him plan the project and determine when each needs to get involved.
“We want to understand [a potential MSP’s] technical expertise, how they communicate internally and externally, how they develop their teams and educate their clients on their ever-changing [industries] and their approach to integrating with our workflows …,” says Mark.
Ask potential MSPs to share their standard operating procedures (SOPs) and workflows: Are there manual touchpoints that lead to error and wasted time, or is everything automated? Are they tied to a ticketing system, or do they have a more flexible approach?
That final point was especially important to Peter Chen, CFO at ophthalmic device manufacturing company Volk Optical.
“Some MSPs are more driven by a ticketing system,” says Chen. “They’re reactive and ticket-based, rather than looking at the technology holistically. It was important to understand how the MSP actually works.”
Some MSPs are only called in when something is broken. An employee forgets their password, the VPN goes down, or the server crashes. Others are service-driven and manage all systems, technology processes and vendor relationships/contracts. Then there are “virtual CIOs” who take a more consultative, hands-on approach to helping you figure out how technology can support your business goals and drive the outcomes you’re looking for.
At Volk, “we needed a vCIO, not a ticketing system,” says Chen. “We wanted an IT partner, not just a break-fix shop.”
You want to know that the MSP is recognized as an expert both in the industry and by their clients.
It’s easy to go on LinkedIn and find glowing recommendations, but those won’t do you much good if you’re looking for the true story. Instead, search Google for information regarding whether the firm has been featured in media or secured high-profile speaking engagements with another organization. (Speaking at their own event or in their own webinars doesn’t count.) See if they are members of a peer group; this is often an indication that they’re sharing best practices and learning from other MSPs.
There are some details you’re going to have to ask the potential MSP for outright. Ask for their customer satisfaction scores. And if you see an outlier bad score, ask them to explain. Was it a breakdown in communication resulting from a bad fit? Was the team unable to provide the necessary expertise? Did they have to charge outside of the contract for the service, leaving a bad taste in the customer’s mouth?
Ask to see the last three years of client lists. Look to see how many new clients the MSP has signed each year and how many existing clients drop each year. High customer churn is a warning sign.
How to Gauge Your Technology Vendor’s Viability — Before Things Go Wrong: Vetting potential technology vendors starts with understanding how their particular corner of the industry is trending. We’ve got a pulse on MSPs and other types of partners.
Look for an MSP whose customer base has similar needs to yours. If you’re an accounting firm, look for another CPA on the list. Combined with the MSP’s certifications (more on that below), this will help you gauge whether they have the skill set and regulatory experience to support your business.
Chen vetted potential partners’ clientele when seeking an MSP for Volk Optical, he says. Volk is in both the manufacturing and medical device sectors, so Chen sought an MSP with clients in both to ensure experience on the factory floor and familiarity with HIPAA compliance.
Finally, ask MSPs for case studies on customers who had similar needs to yours. Hubbard, for example, needed a partner with proven experience managing mergers, so she asked for an example of a customer her MSP had helped through that process.
Carlson advises asking potential MSPs how many resources are in their network operations center (NOC). Do they work with their own employees or 1099 contractors — who aren’t fully dedicated resources? Particularly for organizations in multiple time zones, you want a team that’s available 24/7 in the NOC and at the help desk.
“A lot of companies will say they’re monitoring networks 24/7, 365 — well, that doesn’t really mean anything,” says Chen. “What do I do when I need a person during off-hours? We’re a global company in time zones around the world, so we really needed around-the-clock availability.”
Ask your potential MSP about compliance certifications like SOC 2 compliance and whether their compliance status is audited.
“SOC 2 is an industry standard for security that requires MSPs to prove all kinds of processes and procedures,” says Carlson. “It isn’t a small undertaking, so small MSPs may not have been through the auditing process.”
MSPs lacking SOC 2 certification may be less expensive, but you have to ask yourself whether you’re willing to take that chance on security.
A slightly less demanding certification is the ISO 27001, which requires an information security management system that enables MSPs to secure items like financial information, intellectual property, employee details and information entrusted to third parties.
If you’re in a regulated industry such as healthcare or financial services, it might be trickier since there’s no single certification program for regulations like HIPAA. This is another instance in which a client list can come in handy — use it to gauge whether the MSP has the experience you need.
You can also ask to see third-party certifications from technology distributors or vendors. In most cases, a vendor or distributor ensures the MSP is qualified to represent its products or services via internal certification classes and tests. If an MSP can’t provide any certifications related to your field or downplays their importance, then move on.
It isn’t just the MSP business that needs to be certified. The engineers working on your project should be certified in your desired areas, too.
“We quickly realized that a problem with some of the larger MSPs was that we didn’t know the quality of the engineers we’d be getting,” says Chen. “Looking at qualifications was a deciding factor.”
Make sure the engineers you’ll be working with not only have the technical chops required but also jibe with your company culture. All the certifications in the world can’t make up for a tech who doesn’t know how to communicate with the client.
“We made sure to move beyond talking with the sales rep,” says Hubbard of her experience evaluating MSPs. “We wanted to talk to the people who would actually be working on the project, so we brought in the engineers to make sure it was a good fit.”
While your initial conversations will be with the MSP’s sales or executive teams, it’s the techs you’ll interact with on a day-to-day basis. Meet them to see if they have the same communication style as your employees.
“I look at where the engineers are getting their education from,” says Chen. “Our workforce is blue-collar, so it was important to have someone from the area that could connect with our people. If they have problems on the plant floor, they need someone they can relate to, not some computer science guy from Silicon Valley.”
Perhaps diversity is a cornerstone of your company culture. Will engineers of various backgrounds be on your account? If your clients expect to see business attire in your office, ask about your MSP’s dress code; you probably don’t want ripped jeans where customers can see them. Do your employees tend to initiate friendly conversation with folks in the office? If so, look for an MSP that isn’t all business, all the time.
As mentioned, MSPs come in all flavors. Pricing structures vary between types: Some MSPs charge by the hour. Some have their own formulas with which they calculate a monthly fixed rate. Some charge extra for projects beyond the most basic scope of work, like configuring a new server or integrating new cloud applications. Some charge per user while others charge per device, and still others charge per hour. Unfortunately, there’s no blanket advice for which pricing structure you should go with. It depends on your needs and resources.
Keep in mind that what appears to be your cheapest option will sometimes wind up costing you more on the back end. If an MSP has a low hourly rate and assures you’ll only need a few hours per month, that can come back to bite you if you run into a snag or want to upgrade technology solutions. It might seem cheaper to pursue a per-device pricing scheme because its costs are lower than per-user, but what happens when each of your users has a laptop, a desktop, a mobile phone and an iPad? That adds up.
“The pricing structure was a tricky thing to figure out,” says Chen. “I prefer a fixed rate. I don’t want to have to dig in there to manage variable costs. Simplification of the billing played an important role.”
Flexibility is key — as is preempting surprises.
“I needed to know the full cost [of my MSP] up front,” says Hubbard. “I didn’t want an MSP that would try to fit me into their business model. I needed someone who would be malleable enough to fit themselves to our needs.”
A service level agreement, or SLA, lists the services the MSP will provide and the quality standards it commits to. It details how the MSP will make things right if its team falls short and might also cover details like how much server downtime is acceptable in a month, how often backups are expected to occur or who is liable for a security incident.
Your MSP contract will contain a termination clause, which Carlson recommends reviewing closely. Within your termination clause, there’s often a precondition that specifies how long the MSP has to correct issues before you can get out of your contract and how long you have to settle any outstanding charges on equipment or products.
Also ask the MSP who is expected to hold cybersecurity insurance. Most reputable MSPs, unless they are very small or very new, hold their own cybersecurity insurance. This is important because it protects you from losses related to cybersecurity incidents. Understand the MSP’s liability and what will happen if it has to pay you back for a security incident.
Carlson suggests bringing in a lawyer with experience in IT service contracts, as “you don’t want to be on the hook for something you weren’t aware of.”
Also carefully consider the length of the contract. They can run from a few months to several years, with most landing in the 12-36 month range. You’ll probably get a price break for signing a longer-term contract, but then you may be stuck with an MSP you don’t like — for years. Also remember that, like any service provider, the MSP has the right to increase your rates at the end of your contract. You might not want to go through that every six months.
One take: Chen’s team “didn’t want anything too long-term, because we wanted the MSP to know that they need to work to keep the relationship,” he says.
You’ve got room for negotiation in your contract, too. For example, most contain an effective date (on which you’ll sign the contract and begin the onboarding process) and a commencement date (when the SLA and monthly recurring charge come into effect). In between, there’s onboarding, which often carries its own one-time, “outside-of-scope” fee. If you don’t want to pay that fee, you might be able to negotiate by offering to sign up for a longer term.
Choosing an outsourced IT provider may be more of an undertaking than it seems at first glance, but once you find the right partner, it can make a real difference in how you support employees, customers and growth goals. Doing legwork up front will save you time and headaches in the long run. Don’t be afraid to ask questions until you’re clear on the answers, and don’t be afraid to push back if a prospective MSP isn’t giving you the information you need. You’re entrusting your managed services provider with all of the detail and data that’s critical to your business. Make sure you’ve got the right fit.